A generic DNS black hole zone generator
Project description
Generating an aggregated host file is also possible.
Features
Not bound to a specific DNS server, generates a file format of your choice
Supports 3 different list formats
Host file
Lets you whitelist/blacklist domains
YAML configuration file
Installation
The script requires the PyYAML and requests modules.
pip install [--upgrade] dns-blackhole
Unbound
zone_data: 'local-zone: "{domain}" always_nxdomain'
{domain} will be replaced by the blackholed domains
PowerDNS Recursor
zone_data: '{domain}='
{domain} will be replaced by the blackholed domains
Dnsmasq
zone_data: 'server=/{domain}/'
{domain} will be replaced by the blackholed domains
Host file
Use the following zone_data in your dns-blackhole.yml:
zone_data: '127.0.0.1 {domain}'
Configuration
As the configuration file is in YAML, you can use YAML anchors
dns-blackhole:
  general:
    cache: /var/cache/dns-blackhole
    log: /var/log/dns-blackhole/dns-blackhole.log
    whitelist: /etc/dns-blackhole/whitelist
    blacklist: /etc/dns-blackhole/blacklist
    blackhole_lists:
      hosts:
        - http://someonewhocares.org/hosts/hosts
        - https://hosts-file.net/download/hosts.txt
        - http://winhelp2002.mvps.org/hosts.txt
        - http://www.malwaredomainlist.com/hostslist/hosts.txt
        - https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts;showintro=0
      easylist: &bh_easy
        - https://easylist.to/easylist/easylist.txt
        - https://raw.githubusercontent.com/paulgb/BarbBlock/master/BarbBlock.txt
      disconnect: &bh_disconnect
        url: https://services.disconnect.me/disconnect-plaintext.json
        categories: # Advertising, Analytics, Disconnect, Social
          - Advertising
          - Analytics
  config:
    zone_file: /etc/unbound/blackhole.zone
    # {domain} will be replaced by the blackholed domain, do not change it here
    zone_data: 'local-zone: "{domain}" always_nxdomain'
    blackhole_lists:
      hosts:
        - http://winhelp2002.mvps.org/hosts.txt
      easylist: *bh_easy
      disconnect: *bh_disconnect
In this example you would keep easylist and disconnect lists, but would remove all host file lists except mvps.
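How a zone_data template turns downloaded list entries into zone lines, as an added example (not the project's own code): it parses a hosts-format list, applies a whitelist and a blacklist, and substitutes a name into zone_data only after a hostname syntax check, because list contents come from third-party URLs. The names parse_hosts and build_zone, the sample list, and the rule that the whitelist wins are assumptions of this example.

```python
import re

# Hostname syntax: dot-separated LDH labels (1-63 chars), at least two labels.
_LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
DOMAIN_RE = re.compile(rf"(?:{_LABEL}\.)+{_LABEL}")

# zone_data templates as given in the sections above.
ZONE_DATA = {
    "unbound": 'local-zone: "{domain}" always_nxdomain',
    "pdns-recursor": "{domain}=",
    "dnsmasq": "server=/{domain}/",
    "hosts": "127.0.0.1 {domain}",
}

# Constructed sample list in hosts format (not from a real feed).
SAMPLE = """\
127.0.0.1 localhost
127.0.0.1 ads.example.com   # trailing comment
0.0.0.0 Tracker.Example.NET.
0.0.0.0 cdn.example.org
0.0.0.0 bad"name.example
"""


def parse_hosts(text):
    """Return (valid, rejected) sets of names from hosts-format text."""
    valid, rejected = set(), set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in ("127.0.0.1", "0.0.0.0"):
            continue
        name = fields[1].lower().rstrip(".")
        (valid if DOMAIN_RE.fullmatch(name) else rejected).add(name)
    return valid, rejected


def build_zone(text, zone_data, whitelist=(), blacklist=()):
    """Render one zone line per blackholed domain; return (lines, rejected)."""
    valid, rejected = parse_hosts(text)
    extra = {d.lower() for d in blacklist if DOMAIN_RE.fullmatch(d.lower())}
    # Assumption of this example: a whitelist entry wins over every other source.
    domains = (valid | extra) - {d.lower() for d in whitelist}
    # replace() rather than format(): only the {domain} token is substituted.
    return [zone_data.replace("{domain}", d) for d in sorted(domains)], rejected


if __name__ == "__main__":
    zone, bad = build_zone(SAMPLE, ZONE_DATA["unbound"], ["cdn.example.org"])
    print("\n".join(zone), "\nrejected:", sorted(bad))
```

Names that fail the syntax check are returned separately so they can be logged for review and never reach the zone file.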
FAQ
What’s the advantage of having the DNS server return NX instead of 127.0.0.1?
Having your DNS server return NXDOMAIN (non-existent domain), on the other hand, makes your client behave faster, as there’s nothing to retry when the domain doesn’t exist.
Why use the forward-zones-file option instead of auth-zones in PowerDNS Recursor?
Which DNS server is the best?
It’s really a matter of preferences and what you have available. Use the one you’re the most comfortable with.
TODO
Cache is not implemented yet
Log is not implemented yet